GuardDuty ECS Runtime Monitoring should be enabled
Description
This control checks whether the Amazon GuardDuty automated security agent is enabled for runtime monitoring of Amazon ECS clusters on AWS Fargate. For a standalone account, the control fails if the security agent is disabled for the account. In a multi-account environment, the control fails if the security agent is disabled for the delegated GuardDuty administrator account and all member accounts. GuardDuty Runtime Monitoring observes and analyzes operating-system-level, networking, and file events to help detect potential threats in specific AWS workloads within your environment. It uses GuardDuty security agents that provide visibility into runtime behavior, such as file access, process execution, and command-line arguments.
Remediation
To enable GuardDuty ECS Runtime Monitoring, you need to configure the ECS Runtime Monitoring settings in GuardDuty.
Steps
- Navigate to the Amazon GuardDuty console
- Go to 'Settings' in the left navigation
- Select 'Runtime Monitoring'
- Enable 'ECS Runtime Monitoring' for Fargate
- Configure security agents for ECS clusters
- Set up monitoring for ECS tasks on Fargate
- Save the configuration
- Verify that ECS Runtime Monitoring is active
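To verify the control outside the console, the same check can be expressed against the detector's feature configuration. The following is an added example (not part of this control's original text): it evaluates a GuardDuty GetDetector response for the RUNTIME_MONITORING feature and its ECS_FARGATE_AGENT_MANAGEMENT additional configuration, and builds the Features argument that remediates a failing detector via UpdateDetector. The sample responses are constructed; the boto3 calls in the comments are how it would be run against a real account.

```python
"""Evaluate a GuardDuty GetDetector response for the ECS Runtime Monitoring control.

Pass condition: the detector is ENABLED, the RUNTIME_MONITORING feature is ENABLED,
and its ECS_FARGATE_AGENT_MANAGEMENT additional configuration (the automated agent
for Fargate tasks) is ENABLED. The dict shape mirrors the output of
`aws guardduty get-detector --detector-id <id>` / boto3 get_detector().
"""
from typing import Any


def ecs_runtime_monitoring_enabled(detector: dict[str, Any]) -> bool:
    """Return True only when the control would pass for this detector."""
    if detector.get("Status") != "ENABLED":
        return False
    for feature in detector.get("Features", []):
        if feature.get("Name") != "RUNTIME_MONITORING":
            continue
        if feature.get("Status") != "ENABLED":
            return False
        for extra in feature.get("AdditionalConfiguration", []):
            if extra.get("Name") == "ECS_FARGATE_AGENT_MANAGEMENT":
                return extra.get("Status") == "ENABLED"
        return False  # runtime monitoring on, but no automated Fargate agent
    return False  # feature absent from the detector


def remediation_features() -> list[dict[str, Any]]:
    """The Features argument for update-detector that makes the control pass."""
    return [{
        "Name": "RUNTIME_MONITORING",
        "Status": "ENABLED",
        "AdditionalConfiguration": [
            {"Name": "ECS_FARGATE_AGENT_MANAGEMENT", "Status": "ENABLED"},
        ],
    }]


# Constructed sample responses, not real account data.
FAILING_DETECTOR = {
    "Status": "ENABLED",
    "Features": [{"Name": "RUNTIME_MONITORING", "Status": "ENABLED",
                  "AdditionalConfiguration": [
                      {"Name": "ECS_FARGATE_AGENT_MANAGEMENT", "Status": "DISABLED"}]}],
}
PASSING_DETECTOR = {"Status": "ENABLED", "Features": remediation_features()}

if __name__ == "__main__":
    # Against a real account (requires boto3 and credentials):
    #   gd = boto3.client("guardduty")
    #   for det_id in gd.list_detectors()["DetectorIds"]:
    #       if not ecs_runtime_monitoring_enabled(gd.get_detector(DetectorId=det_id)):
    #           gd.update_detector(DetectorId=det_id, Features=remediation_features())
    for name, det in (("failing", FAILING_DETECTOR), ("passing", PASSING_DETECTOR)):
        print(name, ecs_runtime_monitoring_enabled(det))
```

In a multi-account setup, run the same evaluation against each member account's detector (or set the feature through UpdateOrganizationConfiguration from the delegated administrator), since the control only fails when every account has the agent disabled.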